> You have to set timeout on Fortinet device for protocol you need. Example
> for Oracle SQLNet protocol, Fortigate CLI:
>
> config system session-ttl
> set default 3600
> config port
> edit 1521
> set protocol 6
  ^^^^^
This one is clear, TCP.

> set timeout 28800
  ^^^^^^^^^^
But here, what kind of timeout is this exactly? TCP session timeout, NAT
connection tracking timeout or what?

Regards,
Simon

> set end-port 1521
> set start-port 1521
> next
> end
> end
>
> With regards, Ivica
>
> On Wed, Nov 9, 2022 at 9:09 AM Vieri Di Paola <vieridipa...@gmail.com>
> wrote:
>
>> On Wed, Nov 9, 2022 at 8:15 AM Simon Matter <simon.mat...@invoca.ch>
>> wrote:
>> >
>> > > The Fortinet admin has set the following in his FW:
>> > >
>> > > set protocol 6
>> > > set timeout 28800
>> >   ^^^^^^^^^^^^^^^^^
>> > What's this value exactly?
>>
>> I don't have access to a Fortinet Fortigate system right now (and I'm
>> not the admin of the remote system anyway), but it seems to be a
>> "session timeout" as Fortinet seems to treat every connection as a
>> "session".
>> If that were true I guess it might be the equivalent of
>> net.netfilter.nf_conntrack_tcp_timeout_established which in my case is
>> 86400.
>> If that really were it then I wouldn't have to change anything.
>> The thing is that Fortinet seems to be able to apply a specific
>> timeout to a type of connection -- in this case any connection to port
>> tcp 1521 -- while net.netfilter.nf_conntrack_tcp_timeout_established
>> is system-wide.
>>
>> Or maybe Fortinet's "timeout" refers to something else.
>>
>> > Timeout can mean a lot. Could it be that the FW is doing some NAT and this
>> > is the connection tracking timeout?
>>
>> I do not have that info.
>>
>> > Do you actually see any issues with these connections? Or do you just want
>> > to have a matching configuration?
>>
>> Both.
>> The user has an application which connects to a remote Oracle DB. At
>> some point after x minutes idle the client software fails and
>> complains about a connection error. I've been told that it's because
>> of a timeout at FW level even though I'm guessing this wouldn't happen
>> if the software and/or client/server OS were properly configured with
>> keepalive connections.
>>
>> I'll try to get more info from Fortinet.
>>
>> Thanks
>>
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> Shorewall-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
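
The keepalive point raised in the thread, as an added example that is not part of the original messages: it compares a socket's keepalive idle time with the two idle timeouts quoted above (28800 and 86400 seconds) and enables per-socket keepalive on Linux. The function names, the 50% safety margin and the device labels are assumptions made for illustration.

```python
import socket

# Idle timeouts (seconds) of the stateful devices on the path, as quoted in the thread.
PATH_IDLE_TIMEOUTS = {
    "FortiGate session-ttl, tcp/1521": 28800,
    "nf_conntrack_tcp_timeout_established": 86400,
}


def devices_expiring_first(keepalive_idle, timeouts=PATH_IDLE_TIMEOUTS):
    """Devices that would drop an idle flow before the first keepalive probe."""
    return sorted(name for name, ttl in timeouts.items() if ttl <= keepalive_idle)


def pick_keepalive_idle(timeouts=PATH_IDLE_TIMEOUTS, margin=0.5):
    """Idle time before the first probe: an assumed 50% of the shortest timeout."""
    return int(min(timeouts.values()) * margin)


def enable_keepalive(sock, idle, interval=75, probes=9):
    """Enable keepalive on one socket (Linux option names).

    The kernel sends no probes for a socket unless SO_KEEPALIVE is set on it,
    whatever net.ipv4.tcp_keepalive_time says.
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)


def keepalive_settings(sock):
    """Read back (enabled, idle, interval, probes) from the socket."""
    return (
        sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0,
        sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE),
        sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL),
        sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT),
    )


if __name__ == "__main__":
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("before:", keepalive_settings(s))   # keepalive is off on a new socket
        enable_keepalive(s, pick_keepalive_idle())
        enabled, idle, interval, probes = keepalive_settings(s)
        print("after: ", (enabled, idle, interval, probes))
        print("devices expiring before first probe:", devices_expiring_first(idle))
```

An application that cannot be changed to set these options depends on its own keepalive setting, if it has one, being configured below the shortest timeout on the path.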